Educause Security Discussion mailing list archives

Re: Password Expatriation notification

From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sat, 21 Aug 2010 17:35:40 +1200

On 18/08/2010, at 6:44 AM, James Farr '05 wrote:

We recently implemented a policy where the users receives an email 30 days
before the password is set to expire.   Sure enough people thought this was
a phishing attempt.   However, since we have some off campus users that may
never step foot on campus email seemed to be the only way to notify
everyone.




I have had this problem notifying people about possibly compromised credentials too.

After a bit of toing and froing we managed to convince the keepers of the university home page to add a password change 
link to the list of quick links on www.auckland.ac.nz.   Now we can tell folk how to change password easily without 
giving any urls.  We will use the same technique when we start expiring passwords later this year.

Russell

Current thread:

Re: Password Expatriation notification, (continued)
- - - Re: Password Expatriation notification charlie derr (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification James Farr '05 (Aug 19)
    - Re: Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification Morrow Long (Aug 19)
    - Re: Password Expatriation notification Allison Dolan (Aug 19)
    - Re: Password Expatriation notification Ullman, Catherine (Aug 19)
    - Re: Password Expatriation notification James Farr '05 (Aug 19)
    - Re: Password Expatriation notification Russell Fulton (Aug 20)
    - Re: Password Expatriation notification Dergenski, Todd A. (Aug 23)
    - Re: Password Expatriation notification Ozzie Paez (Aug 23)
    - Back on topic.... Re: [SECURITY] University credentials used by third parties Flynn, Gary - flynngn (Aug 24)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Joel Rosenblatt (Aug 24)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Guy Pace (Aug 24)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties David L. Wasley (Aug 24)
    - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 24)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 25)

(Thread continues...)